Am I using vault AppVM right?

Hi everyone. I have two vault AppVMs: ‘vault’ and ‘vault-use’. I have questions about whether I am dealing with ‘vault’ right.

Here’s what I do: ‘vault’ is for nothing but storing. I never open any file in it. I only open XFCE terminal and Thunar. I never double-click a file in Thunar, or run any command other than ‘cp’, ‘mv’ and ‘rm’. Does this mean that no (strange/added) file will ever get processed in ‘vault’? Because as far as I know, if a file got processed, there’s a chance that the file exploits a bug in the software processing it that could lead to compromising the other files in the VM. So, am I using ‘vault’ right? Is it right to have such a VM that never launches any software except the ‘simple’ three commands mentioned: ‘cp’, ‘mv’, ‘rm’? Am I right to rely on ‘Thunar’ not to process any file? I use Thunar with the default settings it got from Qubes (which include not making thumbnails for files, is this enough?). I see Thunar setting the icon of a file to be right even though the extension doesn’t exist (I believe it does it via reading its signature or so, which is not dangerous processing. Am I right? Please tell me.) Give me your thoughts!

How does one use an AppVM that is for nothing but storing files, and where, if one or more files are viruses or dangerous or whatever, they can’t do anything?

There could be some vulnerability in the processing of the file name and other info/metadata.

Many questions here.
This is one way of using a vault qube. You can reduce the risk of opening
a file in such a qube by using a minimal template, perhaps with Thunar
installed, if you must have a GUI file manager.
Otherwise it is a reasonable approach to take to file storage.

Store the files in one (minimal) qube - if you need to open them, use
an offline disposable. You can automate this by using a mimeapps.list
file that links every application type to a desktop file that spawns a
disposable - for an example take a look here where I use
this method for storing files, and opening them in a disposable.

You may also want to set limits on file access to and from the vault -
look under Qubes Global Config, under File Access.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
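
Added example, not part of the thread and not the code the reply above links to: one way to build the mimeapps.list the reply describes, so that every MIME type in the storage qube is handed to a disposable instead of a local application. It assumes the qube has `qvm-open-in-dvm` (the Qubes agent tool for opening a file in a disposable) and a `/usr/share/mime/types` list; the handler file name `open-in-dvm.desktop` is made up here, and which disposable is used, and whether it is offline, is set in dom0 and not handled by this script.

```shell
#!/bin/sh
# Added example: send every MIME type in a storage qube to a disposable.
# Assumption: HANDLER is a file name made up for this example.
HANDLER="open-in-dvm.desktop"
TYPE_RE='^[A-Za-z0-9.+_-]+/[A-Za-z0-9.+_-]+$'

# write_handler DIR: desktop entry that passes the file to qvm-open-in-dvm.
write_handler() {
    mkdir -p "$1"
    cat > "$1/$HANDLER" <<'EOF'
[Desktop Entry]
Type=Application
Name=Open in disposable
Exec=qvm-open-in-dvm %f
NoDisplay=true
EOF
}

# list_types FILE: unique, well-formed MIME types (drops blanks and comments).
list_types() { grep -E "$TYPE_RE" "$1" | sort -u; }

# build_mimeapps TYPES_FILE OUT_FILE: map each type to the handler, both as
# the default and as an added association so the default is honoured.
build_mimeapps() {
    lines=$(list_types "$1" | sed "s|\$|=$HANDLER;|")
    printf '[Default Applications]\n%s\n\n[Added Associations]\n%s\n' \
        "$lines" "$lines" > "$2"
}

# unmapped TYPES_FILE MIMEAPPS: print types with no disposable mapping;
# any type printed here would still open inside the storage qube.
unmapped() {
    list_types "$1" | while IFS= read -r t; do
        grep -qxF "$t=$HANDLER;" "$2" || printf '%s\n' "$t"
    done
}

# Inside the storage qube: "sh thisfile install" (overwrites mimeapps.list).
if [ "${1:-}" = "install" ]; then
    mkdir -p "$HOME/.config"
    write_handler "$HOME/.local/share/applications"
    build_mimeapps /usr/share/mime/types "$HOME/.config/mimeapps.list"
    unmapped /usr/share/mime/types "$HOME/.config/mimeapps.list"
fi
```

Re-running `unmapped` after installing new packages in the template shows any MIME types added since the list was built.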